[SLING-8845] URL query parameter values are double-escaped for cases where namespace mangling has to be performed - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: XSS Protection API 2.0.8
Fix Version/s: XSS Protection API 2.1.16
Component/s: XSS Protection API
Labels:
None

Description

URL query parameter values are double-escaped for cases where namespace mangling has to be performed:

xssAPI.getValidHref("/path/to/page?key=%25text"); // -> /path/to/page?key=%25text (which is correct)

xssAPI.getValidHref("/path/to/page/jcr:content/par?key=%25text"); // -> /path/to/page/_jcr_content/par?key=%2525text (which is wrong)

Attachments

Activity

People

Assignee:: Radu Cotescu

Reporter:: Radu Cotescu

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 14/Nov/19 15:03

Updated:: 22/Nov/19 13:55

Resolved:: 14/Nov/19 15:28